From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RHdht-0004A2-9Q for garchives@archives.gentoo.org; Sat, 22 Oct 2011 15:41:57 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A9F2A21C13F; Sat, 22 Oct 2011 15:41:43 +0000 (UTC) Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com [74.125.82.181]) by pigeon.gentoo.org (Postfix) with ESMTP id 836FE21C06B for ; Sat, 22 Oct 2011 15:40:48 +0000 (UTC) Received: by wyh5 with SMTP id 5so5832253wyh.40 for ; Sat, 22 Oct 2011 08:40:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:reply-to:to:subject:date:user-agent:references:in-reply-to :mime-version:content-type:content-transfer-encoding:message-id; bh=WBr/k9rHHHIXnFSvMY/hLfz5nAtyP1RPRr1DaGt0jHI=; b=LOBeDVtlql0bShXRtRFOKYaIlNCo799koZhE3PblMr9FxL8tVpGK0vX4qCbx3OqXlE nw5CC0uxz+vFEsJ5I45WuFWK97AKAkZf0OSjjgBoqgzSoj1q3ucGSef6Vo7V5xHiSyax BRbaHyfKrdJ7AN/l31ZRoBVXkJjiCnIHEKjwY= Received: by 10.216.221.34 with SMTP id q34mr6218488wep.99.1319298047674; Sat, 22 Oct 2011 08:40:47 -0700 (PDT) Received: from dell_xps.localnet (230.3.169.217.in-addr.arpa. [217.169.3.230]) by mx.google.com with ESMTPS id es5sm28171371wbb.11.2011.10.22.08.40.46 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 22 Oct 2011 08:40:47 -0700 (PDT) From: Mick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Which desktop antivirus? Date: Sat, 22 Oct 2011 16:40:32 +0100 User-Agent: KMail/1.13.7 (Linux/2.6.39-gentoo-r3; KDE/4.6.5; x86_64; ; ) References: <201110221227.43568.michaelkintzios@gmail.com> <4EA2AC79.5050102@binarywings.net> <20111022162220.7e7a7f77@toxic.dbnet> In-Reply-To: <20111022162220.7e7a7f77@toxic.dbnet> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart5170837.ReisxGGasi"; protocol="application/pgp-signature"; micalg=pgp-sha1 Content-Transfer-Encoding: 7bit Message-Id: <201110221640.53390.michaelkintzios@gmail.com> X-Archives-Salt: X-Archives-Hash: c2c4841933446c8eacfff12f0460e210 --nextPart5170837.ReisxGGasi Content-Type: Text/Plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Saturday 22 Oct 2011 15:22:20 Jonas de Buhr wrote: > Am Sat, 22 Oct 2011 13:43:53 +0200 >=20 > schrieb Florian Philipp : > > Am 22.10.2011 13:29, schrieb Nilesh Govindarajan: > > > On Sat 22 Oct 2011 04:57:33 PM IST, Mick wrote: > > >> Hi All, > > >>=20 > > >> I'm asked for a desktop antivirus (the box is running KDE) but I > > >> have never used an antivirus on Linux. This page that I googled > > >>=20 > > >> up shows a number of them: > > >> http://www.makeuseof.com/tag/free-linux-antivirus-programs/ > > >>=20 > > >> Meanwhile, portage only lists clamav under app-antivirus/. > > >>=20 > > >> The machine in question is running kmail to receive/send messages > > >> from ISP mail servers and ssmtp to send log messages for relaying > > >> via said ISP. > > >>=20 > > >> What have you tried and what would you recommend for such a > > >> desktop setup? > > >=20 > > > IMHO, you don't need antivirus on a Linux box, unless you're going > > > to run a mail relay, where you are responsible for saving recipents > > > from viruses. > >=20 > > I agree. Check that your ISP performs virus checks. If not or if you > > want to be extra sure, I think kmail can work with clamav -- at least > > it could in the old 3.x days when I still used it. > >=20 > > > The simplest reason of all is, Linux doesn't know how to execute > > > Windows binaries. > >=20 > > Well, this is an oversimplification. > > 1) Any box running Wine is possibly as exposed to your classic > > pretty-women.exe mail attachments as any windows systems. > > 2) You should also be worried about Open/LibreOffice macro viruses as > > well as PDF vulnerabilities. Not to forget Flash, Java or Mozilla > > based exploits. >=20 > or image rendering library bugs. or mono. or tricky multi-platform > viruses/worms. saying that linux based viruses don't exist is simply > wrong. there may not be much in the wild, but they definitely are out > there. >=20 > it is probably more difficult to write a successful virus for linux > than for windows for a number or reasons but in principle the problem is > the same as on windows. > i think the main technical reason is the heterogeneity of the > installations. one or two local exploits and you can hit almost any > windows XP installation. in linux you have to deal with n combinations > of kernel-version, glibc-version, etc. and there is very little you can > depend on to be in a fixed location in memory since different compiler > options may already change that. there are ways around all this of > course[1], but its a lot of work. too much for the limited impact. > also, a lot of malware seems to depend on social engineering for > infection these days. i think thats going to work less good on a lot of > linux users because the system conditions you to think before you act. >=20 > that aside, i predict that we will see some linux viruses or worms with > larger infections in the future. i guess the first ones will be for > ubuntu because it has a large base of rather consistent base > installations. >=20 > /jonas >=20 > -- >=20 > [1] fun idea: something exploiting bugs in the usb storage subsystem or > file system handling code spreading to usb sticks. you could probably > even make that multi-platform if you find the needed bugs for different > OSes. >=20 > > Still, keeping your system up-to-date and observing the freshly > > revived GLSA notifications is more likely to save your butt than > > clamav. Thanks guys, good points. The USB vector reminds me of stuxnet, although this I understand was design= ed=20 to infect Iranian MSWindows boxen. Anyway, the use case in point is to protect other MSWindows OS' when=20 sending/forwarding office and pdf documents. So the user would like to be = able=20 to scan emails as they come in/sent out. Will clamav do this with KDE4? =2D-=20 Regards, Mick --nextPart5170837.ReisxGGasi Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iEYEABECAAYFAk6i5AUACgkQVTDTR3kpaLZG8wCgm6tvAfv380veDvOizhAn526c 75AAoNZFzFB6gTXDjoStGgMcho3ZEswv =0oOA -----END PGP SIGNATURE----- --nextPart5170837.ReisxGGasi--